thaloco/banger
1
Fork 0
Code Pull requests Releases Packages Activity Actions

Add LICENSE, update .gitignore, add security note to README

Browse source 
- MIT LICENSE (2026 Thales Maciel)
- .gitignore: replace broad /build/ with explicit /build/bin/ and
  build/manual/ so large manual rootfs/kernel artifacts are clearly
  excluded; add *.pem, *.key, id_rsa
- README: add Security section documenting intentional
  PermitRootLogin yes / StrictModes no in guest sshd and the
  network boundary that makes it acceptable
This commit is contained in:
Thales Maciel 2026-04-14 16:54:33 -03:00
parent ff51b7ce21
commit 9afa0e97ce
No known key found for this signature in database
GPG key ID: 33112E6833C34679
3 changed files with 41 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

15
README.md
View file

@ -280,6 +280,21 @@ Alpine support currently applies to the explicit register-and-run flow above.
The generic `banger image build --from-image ...` path remains Debian/systemd-
oriented and should not be treated as an Alpine image builder.
## Security
Guest VMs are single-user development sandboxes, not multi-tenant servers.
Every provisioned image is configured with:
```
PermitRootLogin yes
StrictModes no
```
This is intentional. The host SSH key is the only authentication mechanism,
no password auth is enabled, and VMs are reachable only through the host
bridge network (`172.16.0.0/24` by default). Do not expose the bridge
interface or the VM guest IPs to an untrusted network.
## Notes
- Firecracker is resolved from `PATH` by default.